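/**
 * Check for CSRF attacks
 *
 * Only POST requests are checked. The request passes when the Referer host
 * matches the host of the configured default URL (main site, site_srl 0) or
 * the virtual site's domain; a request with no usable Referer is rejected,
 * because a missing origin must never count as a matching one.
 *
 * @return bool TRUE when the request passes the check, FALSE otherwise
 */
function checkCSRF()
{
    if ($_SERVER['REQUEST_METHOD'] != 'POST') {
        return FALSE;
    }

    // Reject before any host comparison: an absent Referer would otherwise turn
    // into an empty host, and strstr() with an empty needle matches every
    // domain on PHP 8, which let Referer-less POSTs through on virtual sites.
    $referer = isset($_SERVER['HTTP_REFERER']) ? (string) $_SERVER['HTTP_REFERER'] : '';
    if ($referer === '') {
        return FALSE;
    }

    $default_url = (string) Context::getDefaultUrl();
    // When the configured URL is an IDN (punycode), bring the Referer into the
    // same form so the two hosts are comparable.
    if (strpos($default_url, 'xn--') !== FALSE && strpos($referer, 'xn--') === FALSE) {
        $referer = Context::encodeIdna($referer);
    }

    $default_url = parse_url($default_url);
    $referer = parse_url($referer);
    // parse_url() returns FALSE for malformed URLs and has no 'host' for relative ones.
    if (!is_array($referer) || empty($referer['host'])) {
        return FALSE;
    }
    // Host names are case-insensitive, so compare them lowercased.
    $referer_host = strtolower($referer['host']);
    $default_host = is_array($default_url) && isset($default_url['host']) ? strtolower($default_url['host']) : '';

    $oModuleModel = getModel('module');
    $siteModuleInfo = $oModuleModel->getDefaultMid();
    if ($siteModuleInfo->site_srl == 0) {
        // Main site: the Referer must come from exactly the configured host.
        if ($default_host === '' || $default_host !== $referer_host) {
            return FALSE;
        }
    } else {
        $virtualSiteInfo = $oModuleModel->getSiteInfo($siteModuleInfo->site_srl);
        $site_domain = strtolower((string) $virtualSiteInfo->domain);
        // NOTE(review): strstr() is a substring match, so any Referer host that
        // occurs inside the site domain is accepted. An exact host comparison
        // would be stricter, but the stored domain's format (bare host, full
        // URL or path-style vid) is not visible here — confirm before tightening.
        if ($site_domain != strtolower((string) Context::get('vid')) && !strstr($site_domain, $referer_host)) {
            return FALSE;
        }
    }
    return TRUE;
}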
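 /**
  * @brief Change settings
  *
  * Saves the site-wide settings submitted from the admin screen (default URL,
  * admin IP list, SSL, ports, rewrite, SSO, session and script options) into
  * the DB info object, regenerates the config file and sets the redirect URL.
  * Despite its name the method does not touch the time zone.
  *
  * @return Object|void an error Object when the IP list is invalid or the config
  *                     file cannot be written; nothing on success
  */
 function procInstallAdminSaveTimeZone()
 {
     $db_info = Context::getDBInfo();

     $admin_ip_list = Context::get('admin_ip_list');
     if ($admin_ip_list) {
         // Entries may be separated by line breaks or commas: collapse line
         // breaks to commas and strip whitespace. The class is [\r\n] only —
         // the previous [\r|\n|\r\n] also matched a literal '|'.
         $admin_ip_list = preg_replace("/[\r\n]+/", ",", $admin_ip_list);
         $admin_ip_list = preg_replace("/\\s+/", "", $admin_ip_list);
         // The list is written into the generated PHP config file, so anything
         // that looks like a PHP tag is discarded outright.
         if (preg_match('/(<\\?|<\\?php|\\?>)/xsm', $admin_ip_list)) {
             $admin_ip_list = '';
         }
         // Always keep localhost and the submitting admin's address so the
         // admin cannot lock themself out with a bad list.
         $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
         $admin_ip_list .= ',127.0.0.1,' . $remote_addr;
         $admin_ip_list = array_unique(explode(',', trim($admin_ip_list, ',')));
         if (!IpFilter::validate($admin_ip_list)) {
             return new Object(-1, 'msg_invalid_ip');
         }
     }

     // Normalise the default URL to "scheme://host/..." with a trailing slash.
     $default_url = Context::get('default_url');
     if ($default_url && strncasecmp('http://', $default_url, 7) !== 0 && strncasecmp('https://', $default_url, 8) !== 0) {
         $default_url = 'http://' . $default_url;
     }
     if ($default_url && substr($default_url, -1) !== '/') {
         $default_url .= '/';
     }
     /* convert NON Alphabet URL to punycode URL - Alphabet URL will not be changed */
     $default_url = Context::encodeIdna($default_url);
     // NOTE(review): only admin_ip_list is screened for PHP tags above, yet
     // default_url and the other values below also end up in the config file;
     // whether makeConfigFile() escapes them is not visible here — confirm.

     $use_ssl = Context::get('use_ssl');
     if (!$use_ssl) {
         $use_ssl = 'none';
     }
     $http_port = Context::get('http_port');
     $https_port = Context::get('https_port');

     // Boolean-ish options are stored as 'Y'/'N'; anything but 'Y' means off.
     $yes_or_no = function ($value) {
         return $value == 'Y' ? 'Y' : 'N';
     };
     $use_rewrite = $yes_or_no(Context::get('use_rewrite'));
     $use_sso = $yes_or_no(Context::get('use_sso'));
     $use_db_session = $yes_or_no(Context::get('use_db_session'));
     $qmail_compatibility = $yes_or_no(Context::get('qmail_compatibility'));
     $delay_session = $yes_or_no(Context::get('delay_session'));

     // Obsolete setting: drop it so it is not carried over into the new config.
     unset($db_info->cache_friendly);
     $minify_scripts = Context::get('minify_scripts');
     if (!$minify_scripts) {
         $minify_scripts = 'common';
     }
     $use_html5 = Context::get('use_html5');
     if (!$use_html5) {
         $use_html5 = 'N';
     }

     $db_info->default_url = $default_url;
     $db_info->qmail_compatibility = $qmail_compatibility;
     $db_info->minify_scripts = $minify_scripts;
     $db_info->delay_session = $delay_session;
     $db_info->use_db_session = $use_db_session;
     $db_info->use_rewrite = $use_rewrite;
     $db_info->use_sso = $use_sso;
     $db_info->use_ssl = $use_ssl;
     $db_info->use_html5 = $use_html5;
     $db_info->admin_ip_list = $admin_ip_list;

     // A port is stored only when supplied; an empty field clears a stored one.
     // isset() avoids the undefined-property notice when none was stored before.
     if ($http_port) {
         $db_info->http_port = (int) $http_port;
     } elseif (isset($db_info->http_port)) {
         unset($db_info->http_port);
     }
     if ($https_port) {
         $db_info->https_port = (int) $https_port;
     } elseif (isset($db_info->https_port)) {
         unset($db_info->https_port);
     }
     unset($db_info->lang_type);

     // NOTE(review): makeConfigFile() runs before setDBInfo(); since $db_info is
     // an object handle it presumably already sees the changes above — confirm.
     $oInstallController = getController('install');
     if (!$oInstallController->makeConfigFile()) {
         return new Object(-1, 'msg_invalid_request');
     }
     Context::setDBInfo($db_info);
     if ($default_url) {
         // Keep the main site's (site_srl 0) domain in sync with the default URL.
         $site_args = new stdClass();
         $site_args->site_srl = 0;
         $site_args->domain = $default_url;
         $oModuleController = getController('module');
         $oModuleController->updateSite($site_args);
     }
     $this->setRedirectUrl(Context::get('error_return_url'));
 }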